"This Bot Hunts Software Bugs for the Pentagon"
ForAllSecure, a Carnegie Mellon University startup, developed a tool called Mayhem that examines software to find security flaws. The U.S. Air Force, Navy, and Army, as well as the internet infrastructure company Cloudflare, use Mayhem as part of their security tools. ForAllSecure was recently awarded a $45 million contract by the Pentagon to expand Mayhem's application to find bugs in software used by the U.S. military. The department has a lot of bugs to find, as indicated by the discovery of critical software vulnerabilities in almost all weapons systems tested by the Department of Defense (DoD) between 2012 and 2017. ForAllSecure cofounder and CEO David Brumley says the tool is intended to assist human experts and increase their productivity, not replace them. Mayhem has found flaws in Netflix Dial software, the control software of a commercial passenger plane, and OpenWRT software used in millions of networking devices. The techniques used by Mayhem to discover unknown security flaws are called fuzzing and symbolic execution. This article continues to discuss Mayhem in relation to its origin, applications in different areas, techniques, and support, as well as the future of automation in computer security.
Wired reports "This Bot Hunts Software Bugs for the Pentagon"